Glue is a framework for running a series of tools. Generally, it is intended as a backbone for automating a security analysis pipeline of tools.
Dependencies
- clamav
- hashdeep
- rm (*nix)
- git
- mount (*nix)
- docker
Download & Install
gem install owasp-glue
or
docker run owasp/glue
Installation & run for Development purpose
git clone https://github.com/owasp/glue cd glue -- RVM will set to 2.3.1 with Gemset Glue gem install bundler bundle install cd lib ../bin/glue -h
To run the code, run the following from the root directory:
>ruby bin/Glue <options> target
To build a gem, just run:
gem build Glue.gemspec
Glue is intended to be extended through added “tasks”. To add a new tool, copy an existing task and tweak to make it work for the tool in question.
For common options:
-d for debug
-f for format (takes "json", "csv", "jira")
glue --help (for full list)
Target
- Filesystem (which is analyzed in place)
- Git repo (which is cloned for analysis)
- Other types of images (.iso, docker, etc. are experimental)
Integration
First, grab the hook from the code.
meditation:hooks mk$ cp /area53/owasp/Glue/hooks/pre-commit .
Then make it executable.
meditation:hooks mk$ chmod +x pre-commit
Make sure the shell you are committing in can see docker.
meditation:hooks mk$ eval "$(docker-machine env default)"
Now go test and make a change and commit a file. The result should be that Glue runs against your code and will not allow commits unless the results are clean. (Which is not necessarily a reasonable expectation)